From 1614c8ba1e288242b1eafd96a1669b6fb59ded70 Mon Sep 17 00:00:00 2001 From: Jonathan Kang Date: Tue, 24 Oct 2017 16:46:51 +0800 Subject: [PATCH] Revert "network: Remove support for firewalld zones" This reverts commit b36924567e16839fbdc8796b975970e214719d81. --- panels/network/connection-editor/Makefile.am | 2 + .../network/connection-editor/ce-page-ethernet.c | 11 ++ .../network/connection-editor/ce-page-security.c | 14 +++ .../network/connection-editor/ce-page-security.h | 2 + panels/network/connection-editor/ce-page-vpn.c | 11 ++ panels/network/connection-editor/ethernet-page.ui | 30 +++++ .../network/connection-editor/firewall-helpers.c | 125 +++++++++++++++++++++ .../network/connection-editor/firewall-helpers.h | 33 ++++++ panels/network/connection-editor/security-page.ui | 32 ++++++ panels/network/connection-editor/vpn-page.ui | 39 +++++++ 10 files changed, 299 insertions(+) Index: gnome-control-center-3.26.1/panels/network/connection-editor/Makefile.am =================================================================== --- gnome-control-center-3.26.1.orig/panels/network/connection-editor/Makefile.am +++ gnome-control-center-3.26.1/panels/network/connection-editor/Makefile.am @@ -28,6 +28,8 @@ libconnection_editor_la_SOURCES = \ ce-page-vpn.c \ vpn-helpers.h \ vpn-helpers.c \ + firewall-helpers.h \ + firewall-helpers.c \ ui-helpers.h \ ui-helpers.c Index: gnome-control-center-3.26.1/panels/network/connection-editor/ce-page-ethernet.c =================================================================== --- gnome-control-center-3.26.1.orig/panels/network/connection-editor/ce-page-ethernet.c +++ gnome-control-center-3.26.1/panels/network/connection-editor/ce-page-ethernet.c @@ -28,6 +28,7 @@ #include +#include "firewall-helpers.h" #include "ce-page-ethernet.h" #include "ui-helpers.h" @@ -46,9 +47,12 @@ static void connect_ethernet_page (CEPageEthernet *page) { NMSettingWired *setting = page->setting_wired; + NMSettingConnection *sc; int mtu_def; char **mac_list; const char *s_mac_str; + GtkWidget *widget; + GtkWidget *heading; const gchar *name; const gchar *cloned_mac; @@ -80,6 +84,12 @@ connect_ethernet_page (CEPageEthernet *p g_signal_connect_swapped (page->name, "changed", G_CALLBACK (ce_page_changed), page); g_signal_connect_swapped (page->mtu, "value-changed", G_CALLBACK (ce_page_changed), page); + + widget = GTK_WIDGET (gtk_builder_get_object (CE_PAGE (page)->builder, "combo_zone")); + heading = GTK_WIDGET (gtk_builder_get_object (CE_PAGE (page)->builder, "heading_zone")); + sc = nm_connection_get_setting_connection (CE_PAGE (page)->connection); + firewall_ui_setup (sc, widget, heading, CE_PAGE (page)->cancellable); + g_signal_connect_swapped (widget, "changed", G_CALLBACK (ce_page_changed), page); } static void @@ -108,6 +118,9 @@ ui_to_setting (CEPageEthernet *page) NM_SETTING_CONNECTION_ID, gtk_entry_get_text (page->name), NULL); + entry = GTK_WIDGET (gtk_builder_get_object (CE_PAGE (page)->builder, "combo_zone")); + firewall_ui_to_setting (page->setting_connection, entry); + g_free (cloned_mac); g_free (device_mac); } Index: gnome-control-center-3.26.1/panels/network/connection-editor/ce-page-security.c =================================================================== --- gnome-control-center-3.26.1.orig/panels/network/connection-editor/ce-page-security.c +++ gnome-control-center-3.26.1/panels/network/connection-editor/ce-page-security.c @@ -28,6 +28,7 @@ #include "wireless-security.h" #include "ce-page-security.h" +#include "firewall-helpers.h" G_DEFINE_TYPE (CEPageSecurity, ce_page_security, CE_TYPE_PAGE) @@ -147,6 +148,7 @@ security_combo_changed (GtkComboBox *com gtk_container_remove (GTK_CONTAINER (parent), sec_widget); gtk_size_group_add_widget (page->group, page->security_heading); + gtk_size_group_add_widget (page->group, page->firewall_heading); wireless_security_add_to_size_group (sec, page->group); gtk_container_add (GTK_CONTAINER (vbox), sec_widget); @@ -203,6 +205,7 @@ finish_setup (CEPageSecurity *page) NMConnection *connection = CE_PAGE (page)->connection; NMSettingWireless *sw; NMSettingWirelessSecurity *sws; + NMSettingConnection *sc; gboolean is_adhoc = FALSE; GtkListStore *sec_model; GtkTreeIter iter; @@ -349,6 +352,13 @@ finish_setup (CEPageSecurity *page) page->security_combo = combo; + page->firewall_heading = GTK_WIDGET (gtk_builder_get_object (CE_PAGE (page)->builder, "heading_zone")); + page->firewall_combo = GTK_COMBO_BOX (gtk_builder_get_object (CE_PAGE (page)->builder, "combo_zone")); + + sc = nm_connection_get_setting_connection (CE_PAGE (page)->connection); + firewall_ui_setup (sc, GTK_WIDGET (page->firewall_combo), page->firewall_heading, CE_PAGE (page)->cancellable); + g_signal_connect_swapped (page->firewall_combo, "changed", G_CALLBACK (ce_page_changed), page); + security_combo_changed (combo, page); g_signal_connect (combo, "changed", G_CALLBACK (security_combo_changed), page); @@ -360,6 +370,7 @@ validate (CEPage *page, GError **error) { NMSettingWireless *sw; + NMSettingConnection *sc; WirelessSecurity *sec; gboolean valid = FALSE; const char *mode; @@ -402,6 +413,9 @@ validate (CEPage *page, valid = TRUE; } + sc = nm_connection_get_setting_connection (connection); + firewall_ui_to_setting (sc, GTK_WIDGET (CE_PAGE_SECURITY (page)->firewall_combo)); + return valid; } Index: gnome-control-center-3.26.1/panels/network/connection-editor/ce-page-security.h =================================================================== --- gnome-control-center-3.26.1.orig/panels/network/connection-editor/ce-page-security.h +++ gnome-control-center-3.26.1/panels/network/connection-editor/ce-page-security.h @@ -45,6 +45,8 @@ struct _CEPageSecurity GtkComboBox *security_combo; GtkWidget *security_heading; + GtkComboBox *firewall_combo; + GtkWidget *firewall_heading; GtkSizeGroup *group; gboolean adhoc; }; Index: gnome-control-center-3.26.1/panels/network/connection-editor/ce-page-vpn.c =================================================================== --- gnome-control-center-3.26.1.orig/panels/network/connection-editor/ce-page-vpn.c +++ gnome-control-center-3.26.1/panels/network/connection-editor/ce-page-vpn.c @@ -28,6 +28,7 @@ #include "ce-page-vpn.h" #include "vpn-helpers.h" +#include "firewall-helpers.h" G_DEFINE_TYPE (CEPageVpn, ce_page_vpn, CE_TYPE_PAGE) @@ -106,10 +107,17 @@ static void connect_vpn_page (CEPageVpn *page) { const gchar *name; + GtkWidget *widget; + GtkWidget *heading; name = nm_setting_connection_get_id (page->setting_connection); gtk_entry_set_text (page->name, name); g_signal_connect_swapped (page->name, "changed", G_CALLBACK (ce_page_changed), page); + + widget = GTK_WIDGET (gtk_builder_get_object (CE_PAGE (page)->builder, "combo_zone")); + heading = GTK_WIDGET (gtk_builder_get_object (CE_PAGE (page)->builder, "heading_zone")); + firewall_ui_setup (page->setting_connection, widget, heading, CE_PAGE (page)->cancellable); + g_signal_connect_swapped (widget, "changed", G_CALLBACK (ce_page_changed), page); } static gboolean @@ -118,10 +126,13 @@ validate (CEPage *page, GError **error) { CEPageVpn *self = CE_PAGE_VPN (page); + GtkWidget *widget; g_object_set (self->setting_connection, NM_SETTING_CONNECTION_ID, gtk_entry_get_text (self->name), NULL); + widget = GTK_WIDGET (gtk_builder_get_object (CE_PAGE (page)->builder, "combo_zone")); + firewall_ui_to_setting (self->setting_connection, widget); if (!nm_setting_verify (NM_SETTING (self->setting_connection), NULL, error)) return FALSE; Index: gnome-control-center-3.26.1/panels/network/connection-editor/ethernet-page.ui =================================================================== --- gnome-control-center-3.26.1.orig/panels/network/connection-editor/ethernet-page.ui +++ gnome-control-center-3.26.1/panels/network/connection-editor/ethernet-page.ui @@ -226,6 +226,36 @@ + + + True + False + 1 + Firewall _Zone + True + combo_zone + + + 0 + 4 + 1 + 1 + + + + + True + False + 0 + 1 + + + 1 + 4 + 1 + 1 + + Index: gnome-control-center-3.26.1/panels/network/connection-editor/firewall-helpers.c =================================================================== --- /dev/null +++ gnome-control-center-3.26.1/panels/network/connection-editor/firewall-helpers.c @@ -0,0 +1,125 @@ +/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * (C) Copyright 2013 Red Hat, Inc. + */ + +#include "config.h" + +#include +#include + +#include "firewall-helpers.h" + +typedef struct { + gchar *zone; + GtkWidget *combo; + GtkWidget *label; +} GetZonesReplyData; + +static void +get_zones_reply (GObject *source, + GAsyncResult *res, + gpointer user_data) +{ + GDBusConnection *bus = G_DBUS_CONNECTION (source); + GetZonesReplyData *d = user_data; + GVariant *ret; + GError *error = NULL; + const gchar **zones; + gint idx; + gint i; + + ret = g_dbus_connection_call_finish (bus, res, &error); + + gtk_combo_box_text_append_text (GTK_COMBO_BOX_TEXT (d->combo), + C_("Firewall zone", "Default")); + gtk_widget_set_tooltip_text (d->combo, _("The zone defines the trust level of the connection")); + + idx = 0; + if (error) { + gtk_widget_hide (d->combo); + gtk_widget_hide (d->label); + g_error_free (error); + } + else { + gtk_widget_show (d->combo); + gtk_widget_show (d->label); + g_variant_get (ret, "(^a&s)", &zones); + + for (i = 0; zones[i]; i++) { + gtk_combo_box_text_append_text (GTK_COMBO_BOX_TEXT (d->combo), + zones[i]); + if (g_strcmp0 (d->zone, zones[i]) == 0) + idx = i + 1; + } + if (d->zone && idx == 0) { + gtk_combo_box_text_append_text (GTK_COMBO_BOX_TEXT (d->combo), + d->zone); + idx = i + 1; + } + g_variant_unref (ret); + } + gtk_combo_box_set_active (GTK_COMBO_BOX (d->combo), idx); + + g_free (d->zone); + g_free (d); +} + +void +firewall_ui_setup (NMSettingConnection *setting, + GtkWidget *combo, + GtkWidget *label, + GCancellable *cancellable) +{ + GDBusConnection *bus; + GetZonesReplyData *d; + + bus = g_bus_get_sync (G_BUS_TYPE_SYSTEM, NULL, NULL); + + d = g_new0 (GetZonesReplyData, 1); + d->zone = g_strdup (nm_setting_connection_get_zone (setting)); + d->combo = combo; + d->label = label; + + g_dbus_connection_call (bus, + "org.fedoraproject.FirewallD1", + "/org/fedoraproject/FirewallD1", + "org.fedoraproject.FirewallD1.zone", + "getZones", + NULL, + NULL, + 0, + G_MAXINT, + cancellable, + get_zones_reply, d); + g_object_unref (bus); +} + +void +firewall_ui_to_setting (NMSettingConnection *setting, GtkWidget *combo) +{ + gchar *zone; + + zone = gtk_combo_box_text_get_active_text (GTK_COMBO_BOX_TEXT (combo)); + if (g_strcmp0 (zone, C_("Firewall zone", "Default")) == 0) { + g_free (zone); + zone = NULL; + } + + g_object_set (setting, NM_SETTING_CONNECTION_ZONE, zone, NULL); + g_free (zone); +} Index: gnome-control-center-3.26.1/panels/network/connection-editor/firewall-helpers.h =================================================================== --- /dev/null +++ gnome-control-center-3.26.1/panels/network/connection-editor/firewall-helpers.h @@ -0,0 +1,33 @@ +/* + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * (C) Copyright 2013 Red Hat, Inc. + */ + +#ifndef _FIREWALL_HELPERS_H_ +#define _FIREWALL_HELPERS_H_ + +#include +#include + +void firewall_ui_setup (NMSettingConnection *setting, + GtkWidget *combo, + GtkWidget *label, + GCancellable *cancellable); +void firewall_ui_to_setting (NMSettingConnection *setting, + GtkWidget *combo); + + +#endif /* _FIREWALL_HELPERS_H_ */ Index: gnome-control-center-3.26.1/panels/network/connection-editor/security-page.ui =================================================================== --- gnome-control-center-3.26.1.orig/panels/network/connection-editor/security-page.ui +++ gnome-control-center-3.26.1/panels/network/connection-editor/security-page.ui @@ -63,6 +63,38 @@ 1 + + + True + False + 1 + Firewall _Zone + True + combo_zone + + + 0 + 2 + 1 + 1 + + + + + True + False + True + 0 + 1 + + + 1 + 2 + 1 + 1 + + + Index: gnome-control-center-3.26.1/panels/network/connection-editor/vpn-page.ui =================================================================== --- gnome-control-center-3.26.1.orig/panels/network/connection-editor/vpn-page.ui +++ gnome-control-center-3.26.1/panels/network/connection-editor/vpn-page.ui @@ -51,6 +51,45 @@ + + True + False + 6 + + + True + False + Firewall _Zone + True + combo_zone + + + False + True + 0 + + + + + True + False + 0 + 1 + + + True + True + 1 + + + + + False + True + 1 + + + True False